sdk

package

v0.64.20 Latest Latest Go to latest Published: May 23, 2026 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/agentserver/agentserver

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type ConnectedExecutor
type ConnectedLister
type ConnectorEnv
type ConnectorEnvsListResponse
type ConnectorErrorBody
type ConnectorErrorResponse
type ConnectorOKResponse
type ConnectorOutputChunk
type ConnectorOutputResponse
type ConnectorStdinRequest
type ConnectorTool
type ConnectorToolCallRequest
type ProxyTokenAuth
- func NewProxyTokenAuth(agentserverURL, internalSecret string, posTTL, negTTL time.Duration) *ProxyTokenAuth
- func (a *ProxyTokenAuth) Verify(ctx context.Context, token string) (workspaceID, userID string, err error)
type RelayClientFactory
type Server
- func (s *Server) Mount(r chi.Router)

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrUnauthorized = errors.New("sdk auth: token rejected by agentserver")

ErrUnauthorized is returned by ProxyTokenAuth.Verify for tokens that agentserver rejects. Callers MUST respond with HTTP 401 (never 5xx) so a misconfigured client recovers without retrying forever.

Functions ¶

This section is empty.

Types ¶

type ConnectedExecutor ¶

type ConnectedExecutor struct {
	ExeID      string `json:"exe_id,omitempty"`
	Name       string `json:"name"`
	IsDefault  bool   `json:"is_default,omitempty"`
	LastSeenAt string `json:"last_seen_at,omitempty"`
}

ConnectedExecutor mirrors the fields codex-exec-gateway's existing /api/exec-gateway/connected handler returns. Defined here to avoid importing the handler package from sdk.

type ConnectedLister ¶

type ConnectedLister interface {
	Connected(ctx context.Context, workspaceID string) ([]ConnectedExecutor, error)
}

ConnectedLister is the subset of the gateway's executor registry the sdk package needs. The B6 wiring step provides an adapter that satisfies this interface from the existing store + registry types.

type ConnectorEnv ¶ added in v0.64.20

type ConnectorEnv struct {
	Name      string          `json:"name"`
	Type      string          `json:"type"            example:"executor"`
	IsDefault bool            `json:"is_default"`
	Tools     []ConnectorTool `json:"tools"`
	LastSeen  string          `json:"last_seen,omitempty"`
}

ConnectorEnv is one connected executor as returned by /envs/list. LastSeen is RFC3339 UTC.

type ConnectorEnvsListResponse ¶ added in v0.64.20

type ConnectorEnvsListResponse struct {
	Envs []ConnectorEnv `json:"envs"`
}

ConnectorEnvsListResponse is the response body for /envs/list.

type ConnectorErrorBody ¶ added in v0.64.20

type ConnectorErrorBody struct {
	Code    string `json:"code"     example:"unknown_tool"`
	Message string `json:"message"`
}

type ConnectorErrorResponse ¶ added in v0.64.20

type ConnectorErrorResponse struct {
	Error ConnectorErrorBody `json:"error"`
}

ConnectorErrorResponse is the JSON envelope returned by every 4xx/5xx connector response.

type ConnectorOKResponse ¶ added in v0.64.20

type ConnectorOKResponse struct {
	OK bool `json:"ok"  example:"true"`
}

ConnectorOKResponse is the response body for /processes/{sid}/stdin and /processes/{sid}/terminate on success.

type ConnectorOutputChunk ¶ added in v0.64.20

type ConnectorOutputChunk struct {
	Stream string `json:"stream"   enums:"stdout,stderr"`
	Data   string `json:"data_b64"`
	Seq    int    `json:"seq"`
}

ConnectorOutputChunk is one entry in the chunks array returned by GET /api/connectors/processes/{sid}/output.

type ConnectorOutputResponse ¶ added in v0.64.20

type ConnectorOutputResponse struct {
	Chunks       []ConnectorOutputChunk `json:"chunks"`
	ExitCode     *int                   `json:"exit_code"  extensions:"x-nullable=true"`
	SessionAlive bool                   `json:"session_alive"`
	Truncated    bool                   `json:"truncated"`
	LostBytes    int                    `json:"lost_bytes"`
}

ConnectorOutputResponse is the response body for /processes/{sid}/output. ExitCode is null while the process is still running.

type ConnectorStdinRequest ¶ added in v0.64.20

type ConnectorStdinRequest struct {
	DataB64 string `json:"data_b64"  example:"aGVsbG8="`
}

ConnectorStdinRequest is the request body for POST /api/connectors/processes/{sid}/stdin.

type ConnectorTool ¶ added in v0.64.20

type ConnectorTool struct {
	Name        string `json:"name"`
	Description string `json:"description"`
	Kind        string `json:"kind"  enums:"core,custom"`
}

ConnectorTool is the per-tool entry in envs/list responses. The SDK uses these to populate its client-side Env.tools. The server validates tool arguments at /tool/call time; this descriptor carries no schema.

type ConnectorToolCallRequest ¶ added in v0.64.20

type ConnectorToolCallRequest struct {
	Tool      string         `json:"tool"      example:"shell"`
	Arguments map[string]any `json:"arguments"`
}

ConnectorToolCallRequest is the request body for POST /api/connectors/envs/{name}/tool/call.

type ProxyTokenAuth ¶

type ProxyTokenAuth struct {
	// contains filtered or unexported fields
}

ProxyTokenAuth turns a sandbox proxyToken into (workspace_id, user_id) by calling agentserver's /internal/validate-proxy-token. Results are LRU-cached with a positive TTL and a shorter negative TTL.

func NewProxyTokenAuth ¶

func NewProxyTokenAuth(agentserverURL, internalSecret string, posTTL, negTTL time.Duration) *ProxyTokenAuth

func (*ProxyTokenAuth) Verify ¶

func (a *ProxyTokenAuth) Verify(ctx context.Context, token string) (workspaceID, userID string, err error)

type RelayClientFactory ¶

type RelayClientFactory func(workspaceID, capToken string) *bridge.RelayClient

RelayClientFactory builds a workspace-scoped bridge.RelayClient on demand for copy_path. The CopyPathTool constructor wants a concrete *bridge.RelayClient (not an interface), and the relay token is a workspace-scoped cap-token — so each workspace gets its own.

type Server ¶

type Server struct {
	Auth     *ProxyTokenAuth
	Sessions *processes.Manager
	Registry ConnectedLister

	// ExecGatewayWSURL is the ws(s):// base URL the per-workspace Pool
	// uses to dial /bridge/<exe_id>. The exe_id is appended per dial
	// (see bridge.NewPool — first arg is treated as the base, the
	// pool's own .Dial appends /<exe_id>). Must end without a trailing
	// slash; e.g. "wss://codex-exec.example.com/bridge" or
	// "ws://localhost:6060/bridge".
	ExecGatewayWSURL string

	// CapTokenSecret is the HMAC secret used to mint per-workspace
	// cap-tokens consumed by the same process's /bridge verifier. Must
	// match cfg.CapTokenHMACSecret in production.
	CapTokenSecret []byte

	// RelayFactory, if non-nil, builds a workspace-scoped
	// bridge.RelayClient used by copy_path. Optional — copy_path is
	// only registered when this is set.
	RelayFactory RelayClientFactory

	Logger *slog.Logger
	// contains filtered or unexported fields
}

Server holds the SDK REST surface. Construct in cmd/codex-exec-gateway/main.go and call Mount(r chi.Router) once at startup.

Per-workspace state — Pool, Resolver, tool registry — is built lazily on the first request for a workspace and cached for the Server's lifetime in wsCache. Each workspace gets its own cap-token (so the bridge layer authorises only that workspace's executors) and its own resolver Fetcher (so name → exe_id lookups are scoped to its connected list).

func (*Server) Mount ¶

func (s *Server) Mount(r chi.Router)

Mount registers every SDK route under /api/connectors/*. Each handler runs through authMiddleware which extracts and validates the Bearer token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL